Don't get duped by a PHISHING scam.

A phishing scam is when someone attempts to acquire your personal information by pretending to be a trustworthy entity in an electronic communication.

Did you know Every Day...
156 Million Phishing emails are sent
16 Million Get through email filters
8 Million Phishing emails are opened
800 Thousand Links are clicked
80,000People fall for a phishing scam and voluntarily give away their personal information to a criminal

Phishing Warning Signs

1

Non-personalized greeting

Phishing messages usually do not address you by name, but use a generic greeting, such as "Dear User" or "Dear Customer."
2

Urgent/Threatening language

Threatening language such as "Your access will be revoked if you do not..." or "Your account will be terminated if you do not..." is often used to elicit a response from you.
3

URLs don’t match and are not secure

If an email has a link, be cautious. If you're not on a touch device, hover over the link with your mouse. Does the URL displayed match what you're expecting? Never log into a website that's not secure -- look for "https://."
4

Poor grammar/misspellings

The largest propagators of phishing attacks are from Russia and China where English is not their first language. Use this to your advantage by spotting poor grammar and misspellings as a red flag.
5

Subject matter does not relate

For example, if you don't bank at Wells Fargo, don't fall for a phishing message "from" Wells Fargo.
6

Request for personal information

The telltale sign of a phishing message is the request for personal information. Legitimate institutions should never ask for your personal information via email.

Examples of a phishing scam

Can you spot the phishing signs? Click or hover over the areas with dashed lines to read a description.

On 2/6/14 12:23 PM, "PayPal" <paypal@update.com> wrote:

Dear customer,

We regret to inform you that your account has been restricted.

To continue using our services plese download the file attached to this e-mail and update your personal information.

© 1999 - 2014 PayPal

From: Auburn University [mailto:mwagone@purdue.edu]
Sent: Wednesday, February 05, 2014 8:27 AM
Subject: Letter From Auburn University !!!

You have 1 new Security Message Reference for your account!

Re-Login to confirm your account status [Click here >]

This message should only by those who can read it addressed and its content is not intended for use by any other person.

Copyright © 2014 Auburn University.

Quiz yourself some more

How to Avoid Becoming a Phishing Attack Victim

1

DO NOT reply to emails with any personal information or passwords

If you have reason to believe that the request is real, call the institution or company directly.
2

DO NOT click links in email messages

If you have reason to believe the request is real, type the web address for the company or institution directly into your web browser.
3

DO NOT use the same password for your AU account, bank, Facebook, etc

In the event you do fall victim to a phishing attempt the thieves will try the compromised password in as many places they can.
4

DO change ALL of your passwords

If you suspect any account you have access to may be compromised, whether it is your AU account, Facebook, bank, etc., change them all.
5

DO be cautious when using your phone

It may be easier to miss telltale signs of phishing attempts when reading the email on a smaller screen.

Use a Phishing Filter

Chrome

Chrome

Menu > Settings > Show advanced settings... > Check "Enable phishing and malware protection"
Firefox

Firefox

Tools > Options > Security > Check "Block Reported Attach Sites" and "Block Web Forgeries"
Safari

Safari

Settings > Preferences > Security > Check "Warn when visiting a fraudulent website"
Internet Explorer

Internet Explorer 10+

Tools > SmartScreen Filter > Turn On SmartScreen Filter...

HELP!!!

If you ever reach a page like the one shown below while on the Auburn network, that's OIT helping you to not get phished. OIT currently blocks ~4,000 websites, which also includes entire domains.

OIT Website Blocked Screenshot

Google blocks 10,000+ phishing/malware websites every day. If you run across a website like the one shown below, that's Google looking out for you.

Google Website Blocked Screenshot

Reporting Phishing Attempts